1. Field of the Invention
The present invention relates to an improved method and system which allows for the diagnosis or analysis of operation of software within a data processing system which includes a protected operating environment, an environment which is sometimes referred to as a “tamper-resistant” environment or a so-called “protected” processing environment. That is, the present invention allows for analysis of software operation, without impacting the normal protection of such environment, despite the environment having been designed to prevent the use of ordinary tools such as debuggers or tracing tools which could indicate the operation of the software. Preventing or discouraging use of such tools is desirable to protect content and rights in a digital rights management system, for example.
2. Background Art
Many prior art systems exist which deliver content to a processing environment where it is both protected and rendered, e.g., through the use of hardware and/or software of a user's system. Such systems, in general, either do not protect the software and the content being handled from improper analysis or totally prevent diagnosis of operational problems with software by precluding analysis of the software. That is, digital rights management systems such as are shown in the DRM patent rely on the processing environment being protected from tampering or snooping by preventing or restricting the attachment of tracing software and other debugging software. By preventing the attachment of such software, the DRM software makes the system more secure and is sometimes referred to as tamper-resistant environment software or a protected processing environment. In a system such as a DRM system, it is desirable to provide such tamper resistance to protect data used by the system (such as usage rights and secure content) from being observed and/or altered during the data processing of the system, making it more difficult for the protection of the digital rights management system to be overcome or for the content to be obtained without protection.
While the normal operation of a protected data processing system or environment implies that it is unnecessary to watch the operation of the software or to trace or debug it, there are situations where the ability to watch the program operation would be desirable. For example, during development and test, it is desirable to know what the program is doing (the steps that are being executed and the results of tests) to make sure the operation is normal and according to specifications. Later, during operation of the program at a user's environment, an apparent abnormality or bug may appear and it would be desirable to know the context of the abnormality: what the program was doing and which part of it was acting improperly. A typical DRM would have a variety of different internal components which could be at fault, with causes ranging from a corruption in the executable code to an incorrect decryption key, incorrect rights or altered content, any one of which could lead to improper execution of a DRM of the type described in the DRM Patent. In addition, a digital rights management system may be loaded on a processing system in which a variety of other programs are resident and may be operating in parallel, causing some possibility of corruption of the system.
Of course, it is possible to design the system with “tamper-resistance” which is capable of being turned “on” and “off” as desired, in a variety of ways. That is, in situations where it is desirable to watch the program operation, the tamper-resistance features could be temporarily turned “off”, or disabled, to allow for monitoring of the operations, either manually by an operator or automatically in response to an anomaly such as an error message. Such a “switch” has the undesirable effect, however, of providing a circumvention method that permits the very tampering which the tamper resistance is designed to prevent, and so undermines the security of the tamper-resistant environment.
The Instrumentation Patent describes a situation where dynamic instrumentation is permitted in a digital rights management system, and such a system might be used to provide information about the operation of software to permit debugging or analysis of the operation of the software. However, such an instrumentation system may have the undesirable effect of reducing the security of the system by allowing instrumentation to provide information on the operation of the digital rights management system to unauthorized personnel.
Thus, the prior art systems have undesirable disadvantages or limitations, and those limitations either restrict the ability to determine the operation of the system or allow possible attacks on the system, neither of which is desirable.